---
description: Column level permissions
keywords:
  - hasura
  - docs
  - permissions
  - rules
  - column
sidebar_position: 20
---

import Thumbnail from '@site/src/components/Thumbnail';
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

# Column Permissions

## Introduction

Column permissions determine which columns are accessible in the rows which are accessible.

<Tabs className="api-tabs">
<TabItem value="console" label="Console">

Column-level permissions are simple selections on the Hasura Console in **Data -> [table] -> Permissions -> insert / 
select / update** as per this example:

<Thumbnail src='/img/auth/authorization_column-permissions_2.16.png' alt='Column level permissions' width='600px'/>

</TabItem>
<TabItem value="cli" label="CLI">

You can set column-level permissions in the `metadata -> databases -> [database-name] -> tables -> [table-name].yaml` 
file, eg:

```yaml {7-10}
- table:
    schema: public
    name: users
  select_permissions:
    - role: user
      permission:
        columns:
          - id
          - name
          - email
        filter:
          id:
          _eq: X-Hasura-User-Id
```

Apply the metadata by running:

```bash
hasura metadata apply
```

</TabItem>
<TabItem value="api" label="API">

You can set column-level permissions when using the
[permissions metadata API](/api-reference/metadata-api/permission.mdx). Example using a Postgres db:

```http {12-16}
POST /v1/metadata HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
  "type": "pg_create_select_permission",
  "args": {
    "source": "<db_name>",
    "table": "users",
    "role": "user",
    "permission": {
      "columns": [
        "id",
        "name",
        "email",
      ],
      "filter": {
        "id": "X-Hasura-User-Id"
      }
    }
  }
}
```

</TabItem>
</Tabs>

In this example, the role `user` has only partial access to columns of the accessible rows for the `select` operation.
